registry  /  @specship/specship-darwin-arm64  /  0.11.8

@specship/specship-darwin-arm64@0.11.8

SpecShip self-contained bundle for darwin-arm64

AI Security Review

scanned 7d ago · by lpm-firewall-ai

No confirmed malicious attack surface. The sensitive behavior is a user-invoked Claude Code installer for SpecShip MCP integration, aligned with the package purpose and not triggered by npm lifecycle or import.

Static reason
One or more suspicious static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs bin/specship or specship install
Impact
Claude Code can launch SpecShip MCP and optionally auto-allow listed SpecShip tools after user opt-in/default install choices
Mechanism
Explicit installer writes SpecShip MCP config, permissions, hooks, commands, and optional SDD/statusline entries
Rationale
Static inspection shows no lifecycle execution, credential harvesting, exfiltration, destructive behavior, or unconsented AI-agent control-surface mutation. The scanner hits map to expected bundled CLI, installer, local Claude integration, local CDP/design features, and bundled native/WASM runtime assets.
Evidence
package.jsonbin/specshiplib/package.jsonlib/dist/bin/specship.jslib/dist/installer/index.jslib/dist/installer/targets/claude.jslib/dist/installer/targets/shared.js~/.claude.json./.mcp.json~/.claude/settings.json./.claude/settings.json~/.claude/commands/specship/*.md./.claude/commands/specship/*.md~/.claude/agents/specship-explorer.md./.claude/agents/specship-explorer.md~/.claude/CLAUDE.md./CLAUDE.md
Network endpoints3
claude.ai/design127.0.0.1:<DESIGNER_CDP>/json/list127.0.0.1:<DESIGNER_CDP>/json/version

Decision evidence

public snapshot
AI called this Clean at 88.0% confidence as Benign with medium false-positive risk.
Evidence for block
    Evidence against
    • package.json has no lifecycle scripts; top-level package only ships node/lib/bin.
    • bin/specship execs bundled Mach-O node with lib/dist/bin/specship.js and user args.
    • lib/dist/bin/specship.js runs installer only when user invokes specship with no args; install is an explicit CLI command.
    • lib/dist/installer/targets/claude.js writes Claude MCP/settings/hooks/commands during user-invoked install, not install-time import.
    • lib/dist/installer/index.js npm install -g prompt is interactive and package-aligned PATH setup, skipped with --yes.
    • new Function in installer is limited to dynamic import helper for ESM prompts.
    Behavioral surface
    Source
    ChildProcessCryptoDynamicRequireEnvironmentVarsEvalFilesystemNetworkShellWebSocket
    Supply chain
    HighEntropyStringsMinifiedObfuscatedProtestwareTelemetryUrlStrings
    ManifestNo manifest risk signals triggered.
    scanned 341 file(s), 4.02 MB of source, external domains: 127.0.0.1, angular.dev, claude.ai, docs.claude.com, github.com, mcp.sentry.dev, www.w3.org
    Oversized source lightweight scan
    lib/dist/web/chunk-JTFXTIPE.js3.48 MB file, sampled 256 KB
    ChildProcessEnvironmentVarsShellObfuscatedHighEntropyStringsMinified

    Source & flagged code

    9 flagged · loading source
    lib/dist/health/smoke-check.jsView file
    56const path = __importStar(require("path")); L57: const child_process_1 = require("child_process"); L58: const sqlite_adapter_1 = require("../db/sqlite-adapter");
    High
    Child Process

    Package source references child process execution.

    lib/dist/health/smoke-check.jsView on unpkg · L56
    lib/dist/bin/specship.jsView file
    225// eslint-disable-next-line @typescript-eslint/no-implied-eval L226: const importESM = new Function('specifier', 'return import(specifier)'); L227: // Block SpecShip on Node.js 25.x — V8's turboshaft WASM JIT has a Zone
    High
    Eval

    Package source references dynamic code evaluation.

    lib/dist/bin/specship.jsView on unpkg · L225
    lib/dist/ui/shimmer-worker.jsView file
    2Object.defineProperty(exports, "__esModule", { value: true }); L3: const worker_threads_1 = require("worker_threads"); L4: const fs_1 = require("fs");
    Medium
    Dynamic Require

    Package source references dynamic require/import behavior.

    lib/dist/ui/shimmer-worker.jsView on unpkg · L2
    lib/dist/designer/cdp-ensure.jsView file
    9const node_path_1 = __importDefault(require("node:path")); L10: const node_child_process_1 = require("node:child_process"); L11: const cross_platform_1 = require("./cross-platform"); L12: const cdp_env_1 = require("./cdp-env"); L13: const PORT = process.env.DESIGNER_CDP || '9222'; L14: const PROFILE = node_path_1.default.join(node_os_1.default.homedir(), '.chrome-designer-profile'); ... L17: try { L18: const res = await fetch(`http://127.0.0.1:${PORT}/json/version`, { signal: AbortSignal.timeout(1500) }); L19: return res.ok;
    High
    Same File Env Network Execution

    A single source file combines environment access, network access, and code or shell execution; review context before blocking.

    lib/dist/designer/cdp-ensure.jsView on unpkg · L9
    lib/dist/installer/index.jsView file
    123try { L124: (0, child_process_1.execSync)('npm install -g @specship/specship', { stdio: 'pipe', windowsHide: true }); L125: s.stop('Installed specship CLI on PATH');
    High
    Runtime Package Install

    Package source invokes a package manager install command at runtime.

    lib/dist/installer/index.jsView on unpkg · L123
    path = node kind = native_binary sizeBytes = 120573328 magicHex = [redacted]
    Medium
    Ships Native Binary

    Package ships native binary artifacts.

    nodeView on unpkg
    lib/dist/extraction/wasm/tree-sitter-scala.wasmView file
    path = lib/dist/extraction/wasm/tree-sitter-scala.wasm kind = wasm_module sizeBytes = 4958320 magicHex = [redacted]
    Medium
    Ships Wasm Module

    Package ships WebAssembly modules.

    lib/dist/extraction/wasm/tree-sitter-scala.wasmView on unpkg
    lib/dist/web/chunk-JTFXTIPE.jsView file
    path = lib/dist/web/chunk-JTFXTIPE.js kind = oversized_source_file sizeBytes = 3651043 magicHex = [redacted]
    High
    Oversized Source File

    Package contains source files above the static scanner size ceiling.

    lib/dist/web/chunk-JTFXTIPE.jsView on unpkg
    lib/dist/installer/targets/claude.jsView file
    matchType = previous_version_dangerous_delta matchedPackage = @specship/specship-darwin-arm64@0.11.7 matchedIdentity = npm:[redacted]:0.11.7 similarity = 0.992 summary = stored previous version shares package body but lacks this dangerous source file
    Critical
    Previous Version Dangerous Delta

    This package version adds a dangerous source file absent from the previous stored version.

    lib/dist/installer/targets/claude.jsView on unpkg

    Findings

    1 Critical6 High7 Medium5 Low
    CriticalPrevious Version Dangerous Deltalib/dist/installer/targets/claude.js
    HighChild Processlib/dist/health/smoke-check.js
    HighShell
    HighEvallib/dist/bin/specship.js
    HighSame File Env Network Executionlib/dist/designer/cdp-ensure.js
    HighRuntime Package Installlib/dist/installer/index.js
    HighOversized Source Filelib/dist/web/chunk-JTFXTIPE.js
    MediumDynamic Requirelib/dist/ui/shimmer-worker.js
    MediumNetwork
    MediumEnvironment Vars
    MediumProtestware
    MediumShips Native Binarynode
    MediumShips Wasm Modulelib/dist/extraction/wasm/tree-sitter-scala.wasm
    MediumStructural Risk Force Deep Review
    LowFilesystem
    LowObfuscated
    LowHigh Entropy Strings
    LowTelemetry
    LowUrl Strings